1 | #define USE_MSG_BINDING
|
---|
2 | using System;
|
---|
3 | using System.Collections.Generic;
|
---|
4 | using System.Linq;
|
---|
5 | using System.Text;
|
---|
6 | using System.ServiceModel.Channels;
|
---|
7 | using System.ServiceModel;
|
---|
8 | using System.Security.Cryptography.X509Certificates;
|
---|
9 | using System.Net;
|
---|
10 |
|
---|
11 | namespace HeuristicLab.Hive.Contracts {
|
---|
12 | public static class WcfSettings {
|
---|
13 |
|
---|
14 | public const string SERVERCERT = "HIVE-Server";
|
---|
15 | public const int DEFAULTPORT = 9000;
|
---|
16 |
|
---|
17 | /// <summary>
|
---|
18 | /// Gets a pre-defined binding using TCP for secure transport.
|
---|
19 | /// </summary>
|
---|
20 | /// <returns>A binding type of <see cref="NetTcpBinding"/></returns>
|
---|
21 | public static Binding GetBinding() {
|
---|
22 | #if USE_MSG_BINDING
|
---|
23 | NetTcpBinding binding = new NetTcpBinding(SecurityMode.Message);
|
---|
24 | #else
|
---|
25 | NetTcpBinding binding = new NetTcpBinding(SecurityMode.TransportWithMessageCredential);
|
---|
26 | binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
|
---|
27 | #endif
|
---|
28 | return binding;
|
---|
29 | }
|
---|
30 |
|
---|
31 | /// <summary>
|
---|
32 | /// Defines the used certificate for authentification located in a certification store.
|
---|
33 | /// </summary>
|
---|
34 | /// <param name="svchost">A service for which this certificate is applicable.</param>
|
---|
35 | public static void SetServiceCertificate(ServiceHost svchost) {
|
---|
36 | svchost.Credentials.ServiceCertificate.SetCertificate(
|
---|
37 | StoreLocation.LocalMachine,
|
---|
38 | StoreName.My,
|
---|
39 | X509FindType.FindBySubjectName,
|
---|
40 | SERVERCERT);
|
---|
41 | }
|
---|
42 |
|
---|
43 | /// <summary>
|
---|
44 | /// Gets the currently active IP address.
|
---|
45 | /// <remarks>If more than one IP connections is active, the first one will be used.</remarks>
|
---|
46 | /// </summary>
|
---|
47 | /// <returns></returns>
|
---|
48 | public static string GetActiveIP() {
|
---|
49 | return System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().GetActiveTcpConnections()[0].LocalEndPoint.Address.ToString();
|
---|
50 | }
|
---|
51 |
|
---|
52 | /// <summary>
|
---|
53 | /// Gets the default port used for HIVE services.
|
---|
54 | /// </summary>
|
---|
55 | /// <returns></returns>
|
---|
56 | public static int GetDefaultPort() {
|
---|
57 | return DEFAULTPORT;
|
---|
58 | }
|
---|
59 | }
|
---|
60 |
|
---|
61 | /// <summary>
|
---|
62 | /// This class verifies the certificate defined by <see cref="SetServerCertificate"></see> method. Normally,
|
---|
63 | /// the verification process is managed by the underlying operating system.
|
---|
64 | /// </summary>
|
---|
65 | /// <remarks>
|
---|
66 | /// WARNUNG: Dieser Code wird nur für Testzertifikate benötigt, wie sie beispielsweise von makecert erstellt werden.
|
---|
67 | /// Sie sollten diesen Code nicht in einer Produktionsumgebung verwenden.
|
---|
68 | /// </remarks>
|
---|
69 | public class PermissiveCertificatePolicy {
|
---|
70 | string subjectName;
|
---|
71 | static PermissiveCertificatePolicy currentPolicy;
|
---|
72 | PermissiveCertificatePolicy(string subjectName) {
|
---|
73 | this.subjectName = subjectName;
|
---|
74 | ServicePointManager.ServerCertificateValidationCallback +=
|
---|
75 | new System.Net.Security.RemoteCertificateValidationCallback(RemoteCertValidate);
|
---|
76 | }
|
---|
77 |
|
---|
78 | public static void Enact(string subjectName) {
|
---|
79 | currentPolicy = new PermissiveCertificatePolicy(subjectName);
|
---|
80 | }
|
---|
81 |
|
---|
82 | bool RemoteCertValidate(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error) {
|
---|
83 | if (cert.Subject == subjectName) {
|
---|
84 | return true;
|
---|
85 | }
|
---|
86 | return false;
|
---|
87 | }
|
---|
88 | }
|
---|
89 | }
|
---|